From eb22e2eb6b8c18309a836cf72d90fe401d3ba595 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 2 May 2013 17:22:12 +0200
Subject: [PATCH] Enhance apache-scan filters
---
 root/etc/fail2ban/filter.d/apache-scan.conf | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/root/etc/fail2ban/filter.d/apache-scan.conf b/root/etc/fail2ban/filter.d/apache-scan.conf
index 0e1dcfa..26a624b 100644
--- a/root/etc/fail2ban/filter.d/apache-scan.conf
+++ b/root/etc/fail2ban/filter.d/apache-scan.conf
@@ -1,9 +1,11 @@
 [Definition]
-re_pma = pma|PMA|phpmyadmin|phpMyAdmin|myadmin|mysql|mysqladmin|sqladmin|mypma|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2|php\-my\-admin|sqlmanager|websql|sqlweb|MyAdmin|phpadmin|sql|pma2005|databaseadmin|phpmanager
-re_admin = administrator|manager|webadmin|ecrire|admin|mailadmin
-re_proxy = freenode-proxy-checker\.txt|proxy|proxychecker
-re_various = vtigercrm|typo3|scripts|wp\-admin|wordpress|horde
+re_pma = (admin|administrator|database|db|sql|typo3|xampp\/)?(pma|PMA|phpmyadmin|phpMyAdmin(\-?[\d\.\-]+((rc|pl|beta)\d+)?)?|myadmin|mysql|mysqladmin|sqladmin|mypma|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|myadmin2|php\-my\-admin|sqlmanager|websql|sqlweb|MyAdmin|phpadmin|sql|pma2005|databaseadmin|phpmanager)(\/main\.php|setup\.php|read_dump\.php|read_dump\.phpmain\.php)?
+re_admin = administrator|manager|webadmin|ecrire|admin|mailadmin|setup\.php
+re_proxy = freenode-proxy-checker\.txt|proxy|proxychecker|proxyheader\.php
+re_various = vtigercrm|typo3|scripts|wp\-admin|wp\-login\.php|wordpress|horde(\d+)?|w00tw00t\.*
 failregex = \[client \] File does not exist: .*\/(%(re_pma)s|%(re_admin)s|%(re_proxy)s|%(re_various)s)$
+ \[client \] client denied by server configuration: .*\/(%(re_admin)s|%(re_proxy)s)$
+ \[client \] client sent HTTP/1.1 request without hostname \(see RFC2616 section 14.23\):
 ignoreregex =
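Review bot: In the new `re_various`, `w00tw00t\.*` matches only zero or more literal dots, and the first `failregex` line anchors the alternation with `$`, so a path that continues with other characters after `w00tw00t.` is not caught by that line; if the intent is "w00tw00t. followed by anything", write `w00tw00t\..*`. In `re_pma` the optional suffix group carries the `\/` only on its first branch and `read_dump\.phpmain\.php` looks like two alternatives fused together, so `(\/(main|setup|read_dump)\.php)?` is probably what was meant. The third `failregex` line has no path restriction, so every HTTP/1.1 request without a Host header counts as a failure; a comment above `failregex` such as `# any Host-less HTTP/1.1 request counts as a hit, including monitoring probes` would help whoever tunes `maxretry` or `ignoreip` for this jail. As shown on this page the `[client \]` fragments carry no `<HOST>` tag, presumably lost in rendering; fail2ban needs it on each of the three lines.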